Home > Net >  Azure Kusto syntax
Azure Kusto syntax

Time:01-06

I need to run a very simple query

requests 
| where cloud_RoleName == "blabla" 
| summarize Count=count() by url
| order by Count desc

only thing i need to get the data just from the past 5 minutes if i try this :

requests | where timestamp < ago(5m)
| where cloud_RoleName == "blabla" 
| summarize Count=count() by url
| order by Count desc

or this

requests 
| where cloud_RoleName == "blabla" and timestamp < ago(5m)
| summarize Count=count() by url
| order by Count desc

but all of them are returning answers with data older than 5 minutes. ive read the doc and i see no other way of writing this query

can anyone assist?

CodePudding user response:

Make sure to check if the timestamp is greater than the result of ago(). It returns the timestamp from e.g. 5 minutes ago, so if you want the data that is within last 5 minutes, you want the ones with a timestamp higher than that.

So the query should be:

requests
| where timestamp > ago(5m)
| where cloud_RoleName == "blabla" 
| summarize Count=count() by url
| order by Count desc

Page link:https//www.codepudding.com/net/252683.html

Prev:Key Vault reference in Azure App Service doesn't resolve
Next:how to check the logs in Azure portal in Application Insights for a specific user id or employee id?
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding